mail-in-a-box / mailinabox

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.


upgrading 57a to 65: unhandled exception in mailinabox run when upgrading nextcloud

soletan opened this issue

Basically, trying to upgrade a 57a MIAB server to 65 again. The procedure is like this:

  • ssh into old server (set up with locally backing up into /storage/backup which is an attached volume of hosting provider with ext4 fs)

  • run mailinabox

  • limit ufw to TCP 22

  • run mailinabox/management/

  • shut down old server

  • use hosting provider to create a snapshot of old server

  • remove old server while keeping IP addresses

  • create new server with Ubuntu 22.04 LTS using same IP addresses as old one

  • re-attach the volume at /storage/backup

  • SSH into new server

  • run curl -s | sudo bash

    Downloading Mail-in-a-Box v65. . .
    Installing packages needed for setup...
    Primary Hostname:
    Public IP Address:
    Public IPv6 Address: 10:10:10:10::1
    Mail-in-a-Box Version:  v65
    Updating system packages...
    Installing system packages...
    Current default time zone: 'Europe/Berlin'
    Local time is now:      Fri Nov 10 23:30:41 CET 2023.
    Universal Time is now:  Fri Nov 10 22:30:41 UTC 2023.
    Initializing system random number generator...
    Creating SSH key for backup…
    Firewall is active and enabled on system startup
    Synchronizing state of fail2ban.service with SysV service script with /lib/systemd/systemd-sysv-install.
    Executing: /lib/systemd/systemd-sysv-install enable fail2ban
    Created symlink /etc/systemd/system/ → /lib/systemd/system/fail2ban.service.
    Creating initial SSL certificate and perfect forward secrecy Diffie-Hellman parameters...
    Generating DH parameters, 2048 bit long safe prime
    Installing nsd (DNS server)...
    Generating DNSSEC signing keys...
    Installing Postfix (SMTP server)...
    Installing Dovecot (IMAP server)...
    Creating new user database: /home/user-data/mail/users.sqlite
    Installing OpenDKIM/OpenDMARC...
    Installing SpamAssassin...
    Installing Nginx (web server)...
    Installing Roundcube (webmail)...
    Installing Nextcloud (contacts/calendar)...
    Upgrading to Nextcloud version 25.0.7
    Nextcloud is already latest version
    photos 2.0.1 disabled
    dashboard 7.5.0 disabled
    activity 2.17.0 disabled
    Installing Z-Push (Exchange/ActiveSync server)...
    Installing Mail-in-a-Box system management daemon...
    Installing Munin (system monitoring)...
    updated DNS:
    web updated
    Okay. I'm about to set up for you. This account will also
    have access to the box's control panel.
    mail user added
    updated DNS:
    web updated
    Mail-in-a-Box uses Let's Encrypt to provision free SSL/TLS certificates
    to enable HTTPS connections to your box. We're automatically
    agreeing you to their subscriber agreement. See
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Account registered.
    Your Mail-in-a-Box is running.
    Please log in to the control panel for further instructions at:
    You will be alerted that the website has an invalid certificate. Check that
    the certificate fingerprint matches:
    Then you can confirm the security exception and continue.
  • run rm -rf /home/user-data/ssl/*

  • run export PASSPHRASE="$(cat /storage/backup/secret_key.txt)"

  • run duplicity restore --force file:///storage/backup/encrypted /home/user-data/

  • see a lot of index-related warnings oddly assigning different files with each other, but only files of users' owncloud folders

    (can't attach this one here due to privacy concerns in listed filenames)

  • run mailinabox

  • run into an issue with ssl certificate already existing

    Primary Hostname:
    Public IP Address:
    Public IPv6 Address: 10:10:10:10::1
    Mail-in-a-Box Version:  v65
    Updating system packages...
    Installing system packages...
    Initializing system random number generator...
    Firewall is active and enabled on system startup
    Synchronizing state of fail2ban.service with SysV service script with /lib/systemd/systemd-sysv-install.
    Executing: /lib/systemd/systemd-sysv-install enable fail2ban
    Creating initial SSL certificate and perfect forward secrecy Diffie-Hellman parameters...
    ln: failed to create symbolic link '/home/user-data/ssl/ssl_certificate.pem': File exists
  • run rm -rf /home/user-data/ssl/* again

  • run mailinabox again

ended up with an exception

Primary Hostname:
Public IP Address:
Public IPv6 Address: 10:10:10:10::1
Mail-in-a-Box Version:  v65

Updating system packages...
Installing system packages...
Initializing system random number generator...
Firewall is active and enabled on system startup
Synchronizing state of fail2ban.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable fail2ban
Creating initial SSL certificate and perfect forward secrecy Diffie-Hellman parameters...
Generating DH parameters, 2048 bit long safe prime
Installing nsd (DNS server)...
Installing Postfix (SMTP server)...
Installing Dovecot (IMAP server)...
Installing OpenDKIM/OpenDMARC...
Installing SpamAssassin...
Installing Nginx (web server)...
Installing Roundcube (webmail)...
Updating database schema (2021081000)... [OK]
Updating database schema (2021100300)... [OK]
Updating database schema (2022081200)... [OK]
Installing Nextcloud (contacts/calendar)...
Upgrading Nextcloud --- backing up existing installation, configuration, and database to directory to /home/user-data/owncloud-backup/2023-11-10-23:57:43...

Upgrading to Nextcloud version 21.0.7

An unhandled exception has been thrown:
Doctrine\DBAL\Exception: Failed to connect to the database: An exception occurred in the driver: SQLSTATE[HY000] [14] unable to open database file in /usr/local/lib/owncloud/lib/private/DB/Connection.php:85
Stack trace:
#0 /usr/local/lib/owncloud/3rdparty/doctrine/dbal/src/Connection.php(1519): OC\DB\Connection->connect()
#1 /usr/local/lib/owncloud/3rdparty/doctrine/dbal/src/Connection.php(1041): Doctrine\DBAL\Connection->getWrappedConnection()
#2 /usr/local/lib/owncloud/lib/private/DB/Connection.php(231): Doctrine\DBAL\Connection->executeQuery()
#3 /usr/local/lib/owncloud/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php(345): OC\DB\Connection->executeQuery()
#4 /usr/local/lib/owncloud/lib/private/DB/QueryBuilder/QueryBuilder.php(287): Doctrine\DBAL\Query\QueryBuilder->execute()
#5 /usr/local/lib/owncloud/lib/private/AppConfig.php(345): OC\DB\QueryBuilder\QueryBuilder->execute()
#6 /usr/local/lib/owncloud/lib/private/AppConfig.php(110): OC\AppConfig->loadConfigValues()
#7 /usr/local/lib/owncloud/lib/private/AppConfig.php(301): OC\AppConfig->getApps()
#8 /usr/local/lib/owncloud/lib/private/legacy/OC_App.php(975): OC\AppConfig->getValues()
#9 /usr/local/lib/owncloud/lib/private/Server.php(682): OC_App::getAppVersions()
#10 /usr/local/lib/owncloud/lib/private/AppFramework/Utility/SimpleContainer.php(155): OC\Server->OC\{closure}()
#11 /usr/local/lib/owncloud/3rdparty/pimple/pimple/src/Pimple/Container.php(118): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}()
#12 /usr/local/lib/owncloud/lib/private/AppFramework/Utility/SimpleContainer.php(122): Pimple\Container->offsetGet()
#13 /usr/local/lib/owncloud/lib/private/ServerContainer.php(137): OC\AppFramework\Utility\SimpleContainer->query()
#14 /usr/local/lib/owncloud/lib/private/AppFramework/Utility/SimpleContainer.php(56): OC\ServerContainer->query()
#15 /usr/local/lib/owncloud/lib/private/AppFramework/Utility/SimpleContainer.php(177): OC\AppFramework\Utility\SimpleContainer->get()
#16 /usr/local/lib/owncloud/lib/private/AppFramework/Utility/SimpleContainer.php(155): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}()
#17 /usr/local/lib/owncloud/3rdparty/pimple/pimple/src/Pimple/Container.php(114): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}()
#18 /usr/local/lib/owncloud/lib/private/AppFramework/Utility/SimpleContainer.php(122): Pimple\Container->offsetGet()
#19 /usr/local/lib/owncloud/lib/private/ServerContainer.php(137): OC\AppFramework\Utility\SimpleContainer->query()
#20 /usr/local/lib/owncloud/lib/private/AppFramework/Utility/SimpleContainer.php(56): OC\ServerContainer->query()
#21 /usr/local/lib/owncloud/lib/private/Server.php(1041): OC\AppFramework\Utility\SimpleContainer->get()
#22 /usr/local/lib/owncloud/lib/private/AppFramework/Utility/SimpleContainer.php(155): OC\Server->OC\{closure}()
#23 /usr/local/lib/owncloud/3rdparty/pimple/pimple/src/Pimple/Container.php(118): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}()
#24 /usr/local/lib/owncloud/lib/private/AppFramework/Utility/SimpleContainer.php(122): Pimple\Container->offsetGet()
#25 /usr/local/lib/owncloud/lib/private/ServerContainer.php(137): OC\AppFramework\Utility\SimpleContainer->query()
#26 /usr/local/lib/owncloud/lib/private/AppFramework/Utility/SimpleContainer.php(56): OC\ServerContainer->query()
#27 /usr/local/lib/owncloud/lib/private/Server.php(2000): OC\AppFramework\Utility\SimpleContainer->get()
#28 /usr/local/lib/owncloud/lib/private/Files/View.php(119): OC\Server->getLockingProvider()
#29 /usr/local/lib/owncloud/lib/private/Server.php(430): OC\Files\View->__construct()
#30 /usr/local/lib/owncloud/lib/private/AppFramework/Utility/SimpleContainer.php(155): OC\Server->OC\{closure}()
#31 /usr/local/lib/owncloud/3rdparty/pimple/pimple/src/Pimple/Container.php(118): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}()
#32 /usr/local/lib/owncloud/lib/private/AppFramework/Utility/SimpleContainer.php(122): Pimple\Container->offsetGet()
#33 /usr/local/lib/owncloud/lib/private/ServerContainer.php(137): OC\AppFramework\Utility\SimpleContainer->query()
#34 /usr/local/lib/owncloud/lib/private/AppFramework/Utility/SimpleContainer.php(56): OC\ServerContainer->query()
#35 /usr/local/lib/owncloud/lib/private/Server.php(1363): OC\AppFramework\Utility\SimpleContainer->get()
#36 /usr/local/lib/owncloud/lib/base.php(588): OC\Server->boot()
#37 /usr/local/lib/owncloud/lib/base.php(1076): OC::init()
#38 /usr/local/lib/owncloud/console.php(49): require_once('...')
#39 /usr/local/lib/owncloud/occ(11): require_once('...')
#40 {main}
root@box:~#

As an aside, this conversation probably belongs in the user forum so others can learn from it, but here goes.

I'm not sure why this happened, based on the info you've provided:

    ln: failed to create symbolic link '/home/user-data/ssl/ssl_certificate.pem': File exists

But I can tell you that deleting the .../ssl/ directory after that is incorrect and most certainly caused the "unhandled exception" issue. Basically, the duplicity backup contains your SSL certificates, which is why the instructions are to delete the ssl directory, then restore the backup. You have deleted the directory, restored the backup, then deleted the directory again. So, for starters, you need to get that directory re-populated from the backup. I would advise (1) restoring the backup in a separate location (so what is in there is available), (2) making sure the ssl directory is now empty, then (3) restoring the ssl directory (only the ssl directory) from the backup you opened in (1). If you copy it by hand, make sure everything in /home/user-data/ssl/ is identical (permissions, ownerships, links, etc.) to what is in the backup directory.

Once you're done with that, try running sudo mailinabox again. Also, you didn't post it above, but you need to use sudo (or be root) when you run the duplicity restore.
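
The advice in the reply above, that a hand-copied /home/user-data/ssl/ must match the backup in permissions, ownership and links, can be checked mechanically. This is an added example, not part of the thread or of Mail-in-a-Box; the function names and the sample file names other than ssl_certificate.pem are assumptions, and it relies on GNU find, stat and sha256sum as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example, not from the thread. Directories passed in are the caller's choice.

# Print a sorted manifest of a tree: type+mode, owner:group, quoted name with
# symlink target (stat %N), plus a SHA-256 line for every regular file.
tree_manifest() {
    (
        cd "$1" || exit 2
        find . -mindepth 1 -exec stat -c '%A %U:%G %N' {} +
        find . -type f -exec sha256sum {} +
    ) | LC_ALL=C sort
}

# compare_trees REFERENCE LIVE
# Prints differing manifest lines ("<" reference only, ">" live only).
# Returns 0 if identical, 1 on drift, 2 if either directory is missing.
compare_trees() {
    [ -d "$1" ] && [ -d "$2" ] || return 2
    ref_list=$(mktemp) || return 2
    live_list=$(mktemp) || { rm -f "$ref_list"; return 2; }
    tree_manifest "$1" > "$ref_list"
    tree_manifest "$2" > "$live_list"
    status=0
    diff "$ref_list" "$live_list" || status=$?
    rm -f "$ref_list" "$live_list"
    return "$status"
}

# Constructed sample: a "backup" tree and a hand copy that lost its symlink and
# loosened the key's mode. Names other than ssl_certificate.pem are made up.
demo_drift() {
    work=$(mktemp -d) || return 2
    mkdir "$work/backup" "$work/live"
    echo "constructed cert" > "$work/backup/example-cert.pem"
    echo "constructed key" > "$work/backup/example-key.pem"
    chmod 600 "$work/backup/example-key.pem"
    ln -s example-cert.pem "$work/backup/ssl_certificate.pem"
    cp -RL "$work/backup/." "$work/live/"      # -L dereferences the symlink
    chmod 644 "$work/live/example-key.pem"
    rc=0
    compare_trees "$work/backup" "$work/live" || rc=$?
    rm -rf "$work"
    return "$rc"
}
```

Call compare_trees with the separately restored ssl directory as REFERENCE and /home/user-data/ssl as LIVE; every line it prints is a difference in mode, ownership, link target or content.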

I was aware of the fact that re-running removal of ssl folder isn't in compliance with the upgrading instructions. However, I was expecting duplicity to properly restore the folder in the first place and somehow this didn't seem to happen either. There are no extra steps I might have forgotten to mention here. Hence, I'm not sure if manually copying ssl folder and restoring its permissions will make any difference for that's what I'd expect duplicity to do, too. But I'll give it a try just to be sure ...

And FWIW all commands have been run as root. I see the slight benefit of not working as root by default, but quite often (not just with regards to MIAB in particular) I have to log in as non-root just so that I can use sudo which isn't mitigating any security risks that much and still requires me to always proceed with great care.